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Abstract 



In many integer factoring algorithms, one produces a sequence of integers (created 
in a pseudo-random way), and wishes to rapidly determine a subsequence whose 
product is a square (which we call a square product). In his lecture at the 1994 
International Congress of Mathematicians, Pomerance observed that the following 
problem encapsulates all of the key issues: Select integers a\ , a 2 , . . . , at random from 
the interval [1, x], until some (non-empty) subsequence has product equal to a square. 
Find good estimate for the expected stopping time of this process. A good solution 
to this problem should help one to determine the optimal choice of parameters for 
one's factoring algorithm, and therefore this is a central question. 

Pomerance (1994), using an idea of Schrocppel (1985), showed that with proba- 
bility 1 — o(l) the first subsequence whose product equals a square occurs after at 
least Jq~°^ integers have been selected, but no more than J , for an appropriate 
(explicitly determined) J = Jq{x). Herein we determine this expected stopping 
time up to a constant factor, tightening Pomerance's interval to 

[(7r/4)(e-T - o(l)) Jo, (e-T + o(l))Jb], 

where 7 = 0.577... is the Eulcr-Mascheroni constant. We will also confirm the well 
established belief that, typically, none of the integers in the square product have 
large prime factors. 

We believe that there should, in fact, be a sharp threshold for this stopping time, 
that it should occur with probability 1 — o(l) after at least {e -7 — o(l)}J integers 
have been selected, but no more than {e~ 7 + o(l)} J , with Jq{x) as before. 

Our proofs use methods somewhat different from previous articles on this subject. 
The heart of the proof of the upper bound lies in delicate calculations in probabilistic 
graph theory, supported by comparative estimates on smooth numbers using precise 
information on saddle points. 
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1 Introduction 



Several algorithms for factoring integers n (including Dixon's random squares algorithm 
[6] , the quadratic sieve [12] , the multiple polynomial quadratic sieve |17j , and the number 
field sieve [2] - see |16| for a nice expository article on factoring algorithms) work by 
generating a pseudorandom sequence of integers a\, ct2, with each 

m = bf (mod n), 

until some subsequence of the a^s has product equal to a square. Say we have such a 
subsequence 

Oi 15 ...,<H h , where Y 2 = a h ---a ik , 

and set 

X 2 = (b tl ..-b lk ) 2 . 

Then 

n\Y 2 -X 2 = (Y - X)(Y + X), 

and there is a fair chance that gcd(n, Y — X) is a non-trivial factor of n. If so, we have 
factored n. 

In his lecture at the 1994 International Congress of Mathematicians, Pomerance 
[T5] observed that in the (heuristic) analysis of such factoring algorithms one assumes 
that the pseudo-random sequence ax , a% , ... is close enough to random that we can make 
predictions based on this assumption. Hence it makes sense to formulate this question 
in its own right, in particular to determine whether this part of the factoring algorithm 
can be significantly sped up. 

Pomerance's Problem. Select positive integers 01,02,..- < x independently at ran- 
dom (that is, a,- = m with probability 1/x for each integer m, 1 < m < x), until some 
subsequence of the dj's has product equal to a square. When this occurs, we say that the 
sequence has a square dependence. What is the expected stopping time of this process ? 



To discuss the history of this problem, and our own work, we need to introduce some 
notation: Let ir(y) denote the number of primes up to y. Call n a y-smooth integer if all 
of its prime factors are < y, and let ^f(x,y) denote the number of y-smooth integers up 
to x. Let 1/0 = Vo{x) be a value of y which maximizes ty(x,y)/y, and let 

t ( \ ^o) m 

V(x,y ) 

In Pomerance's problem, let T be the smallest integer t for which a\, ...,dt has a square 
dependence (note that T is itself a random variable). In 1985, Schroeppel gave a simple 
argument to justify that for any e > we have 

Prob(T < (l + e)J (x)) = 1 - o(l) 

as x — ► 00, and in 1994 Pomerance showed that 

Prob(T > Mx) 1 -') = l-o(l). 
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as x — > oo. Therefore there is a transition from "unlikely to have a square product" to 
"almost certain to have a square product" at T = Jq(x) 1+ °^ 1 \ Pomerance asked in [3] 
whether there is a sharper transition, and we conjecture that T has a sharp threshold: 
This would mean that there exists a function f(x) such that for every e > 0, 

Prob(T G [(1 - e)f(x), (1 + e)f(x)}) = 1 - o(l) (2) 

as x — > oo. In fact we believe that this threshold is f(x) = e _7 Jo(x): 

Conjecture 1.1 For every e > we have 

Prob(T G [(e -7 — e)Jo(x), (e~ 7 + e) J (x)]) = 1 - o(l), (3) 
osx^ oo, where 7 = 0.577... is i/ie Euler-Mascheroni constant. 

The constant e~ 7 in this conjecture is well-known to number theorists. It appears 
as the ratio of the proportion of integers free of prime divisors smaller than y, to the 
proportion of integers up to y that are prime. However this is not how it appears in our 
discussion, and we have failed to find a more direct route to this prediction. 

The bulk of this article will be devoted to establishing the upper bound in the above 
conjecture. We will prove something a little weaker than the conjectured lower bound: 

Theorem 1.2 We have 

Prob(T G [(^/4)(e- 7 -e)J (x), (e~ 7 + e) J (x)}) = 1 - o(l), 

for any e > as x — > 00. 

To obtain the lower bound in our theorem, we obtain a good upper bound on the 
expected number of sub-products of the large prime factors of the a^'s that equal a 
square, which allows us to bound the probability that such a sub-product exists, for 
T < ("7r/4)(e~ 7 — o(l))Jo(x). This is the "first moment method". 

Schroeppel established his upper bound, T < (l+o(l)) Jo(x), by showing that by then 
one expects more than 7r(yo) 2/0-smooth integers amongst a±, 02, • • • , «t, which guarantees 
that the sequence has a square dependence. (To see this, create a matrix over F2 whose 
columns are indexed by the primes up to yo, whose rows are indexed by the numbers 
i such that a% is yo-smooth, and whose (i,p)ih entry is given by the exponent on p in 
the factorization of Oj, for each ?/o- smoo th a^. Then a square dependence amongst the 
a,i is equivalent to a dependence amongst the corresponding rows of our matrix, so that 
we are guaranteed a square dependence once the matrix has more than 7r(j/o) rows.) If 
we replace the complicated random model which creates this matrix by one in which 
any given row appears as a row of this matrix with equal probability then one expects 
a linear dependence only once the matrix has more than 7r(yo) — 0(1) rows (see section 
3.1 of [5] for details; also see [3] for a lower bound in a related model of choosing binary 
vectors of fixed weight randomly, until finding a GF(2)-dependent set). 
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Schroeppel's approach is not only good for theoretical analysis, in practice one 
searches among the Oj for yo- sm °°th integers and hunts amongst these for a square 
dependence, using linear algebra in F2 on the primes' exponents. Computing specialists 
have also found that it is easy and profitable to keep track of a% of the form Sj^j, where 
Si is ycr smo °th and is a prime exceeding y ; if both a.j and dj have exactly the same 
large prime factor qi = qj then their product is a 7/o- smo °th integer times a square, and 
so can be used in our matrix as an extra smooth number. This is called the large prime 
variation, and the upper bound in Theorem 1 of [5] is obtained by computing the limit 
of this method (to obtain a constant, in place of e -7 which is a tiny bit smaller than 
3/4). 

One can also consider the double large prime variation in which one allows two largish 
prime factors so that, for example, the product of three a^s of the form pqs\,prs2,qrs3 
can be used as an extra smooth number. Experience has shown that each of these 
variations has allowed a small speed up of various factoring algorithms (though at the 
cost of some non-trivial extra programming), and a long open question has been to 
formulate all of the possibilities for multi-large prime variations and to analyze how they 
affect the running time. Sorting out this combinatorial maze has been the most difficult 
part of our work. 

When our process terminates (at time T) we have some subset I of a\, ot, including 
cit, whose product equals a squareH It is not hard to show that this square product is 
T 2 -smooth (see Section 3.2 of [5]); here we give a more precise idea of what / looks like: 

Theorem 1.3 

a) In the special case that for e > 0, conditional on the event {T < (-7r/4)(e -7 — 
e)Jo(x)}, we find that I consists of a single number a% (which is therefore a square) with 
probability 1 — o(l). 

b) In general, with probability 1 — o(l), we have that 

2/oexp(-(c 3 + e) v / logy^) < \I\ < y exp((c 3 + e) v^ogyo)], (4) 

where C3 = ^J2 — log 2. In other words, when the algorithm terminates the square product 
I is, almost certainly, composed of g/n + = Jq{x) 1 ^ 2+0 ^ numbers ai. 

c) Also, with probability 1 — o(l) all the elements of I are 

2/o ex P(( 2 + e ) \/ lo g Vo log log yo) -smooth. 

The last part of this result confirms the long held suspicion that the earliest occurring 
square products are almost always composed only of smooth numbers with a suitable 
smoothness parameter, though the smoothness bound that we give may be significantly 
larger than is possible, for all we know. 

We expect that one can give more precise descriptions of /, specifying more precisely 
how large / is, and improving the smoothness bound on the elements of /, perhaps even 
to yo<f>(x) for any function (f> for which <p{x) — ► 00 as x — > 00. 

5 Note that I is unique, else if we have two such subsets I and J then {I U J) \ (J fl J) is also a set 
whose product equals a square, but does not contain ar, and so the process would have stopped earlier 
than at time T. 
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There are now several theorems along the lines of Conjecture 1 in the literature, 
including some quite general approaches. Friedgut's theorem [8], characterizing a coarse 
threshold for monotone or symmetric^ graph properties, has been instrumental in proving 
the existence of a sharp threshold for several graph properties. However it does not seem 
to be applicable in the present context, since the square dependence problem is not 
symmetric. Bourgain's strengthening of sorts of Friedgut's theorem (see the appendix 
to [5]) is in principle applicable in the present context, though various researchers have 
not yet succeeded in doing so. 

Pomerance's main goal in enunciating the random squares problem was to provide 
a model that would prove useful in analyzing the running time of factoring algorithms, 
such as the quadratic sieve. In [5] we analyzed the running time of Pomerance's random 
squares problem to show that the running time will be inevitably dominated by finding 
the actual square product once we have enough integers. Indeed this carries over to an 
analysis of the quadratic sieve factoring algorithm (and presumably the other factoring 
algorithms as well) ; a consequence is that to optimize the running time of the quadratic 
sieve we look for a square dependence among the y-smooth integers with y significantly 
smaller than yo> so that Pomerance's problem is not quite so germane to the question as 
it had at first appeared. Anyway, see [5] for further discussion of these issues. 

The paper is organized as follows. In section 2, we derive the necessary technical 
lemmas involving smooth numbers. In section 3, we derive the lower bound for T given 
in Theorem 11.21 an d develop these ideas to prove Theorem 11.31 Finally, in section 4, we 
develop our analysis of multiprime variations. 

2 Smooth numbers 

In previous analyses of these questions, authors have typically used estimates for ^(x, y) 
for y a fixed power of yo- I n this range one can determine an asymptotic for ^>{x,y) in 
terms of a saddle point, an implicit quantity. It has proved to be difficult to deduce an 
asymptotic for ^(x,y), or even something close, in terms of simple explicit functions. 
One of the key innovations in this article is to by-pass this issue by comparing values 
of ty(x,y) for different, but closely related, values of x and y: Since the saddle points 
are not too different one can obtain sharp explicit estimates for the ratio of two such 
^-values. In this technical section we deduce several such results, primarily from the 
deep work of Hildebrand and Tenenbaum [10] . which will come in useful later. 





2.1 Classical smooth number estimates 



From [TO] we have that the estimate 




as x — > oo where x = y 



u 



(5) 



6 That is, invariant under permutations of the elements involved. 
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holds in the range 

exp ((log log a;) 2 ) < y < x, (6) 
where p(u) = 1 for < u < 1, and where 

1 r u 

p(it) = — / p(i) cfi for all u > 1. 
This function p(u) satisfies 

p(u) = exp(-(u + o(u)) log it); 

and so 

^(x,y) = x exp(— (u + o(u)) log -u). (7) 

Now let 

L := L(x) = exp log x log log x^ . 

Then, using ([7]) we deduce that for /3 > 0, 

^x^x)^ 1 )) = xL(x)- 1 / /3+ °( 1 ). (8) 
From this one can easily deduce that 

y (x) = L(x) 1+0 ^, and J (x) = y 2-{l+ (l)}/loglo g2/ o = L(x) 2+o(l) ) (Q) 

where yo an d Jo are as i n the introduction (see (pQ)). From this we can deduce the 
following basic estimate, which we will use in later proofs: 

Lemma 2.1 Fix constant (3 > 0. If y = then 

V(x,y)/y 2- / 3-/3- 1 +o(i) 
*(x,y )/yo V ° 

2.2 Hildebrand-Tenenbaum saddle point method estimates 

For any a > 0, one has 

*(x,y)< Yl (x/n) a <x a t(a,y), (10) 

P(n)<y 

where 

p<y 



Define a = a(x,y) to be the solution to 



By [TOj Theorem 1 and (7.19)] we obtain in the range ([6]) with u — > oo, 

v(cc,y) ~ — ^^^^^^^=. 

Q!V27rlogxlogy 

Let £ = be the solution to = u£ + 1 so that 

t , x , , , \, (l + o(l))loglogit 

£(it) = log(uioguJH , as u — > oo. 

log it 

Note also that ~ 1/u. In the range © it turns out that 

(1 - a(x, y)) log y = £(u) + 0(l/u) 

which implies that 

y i-a = e ««)^ + (!/ u )) = u^( u )(i + 0(l/u)). 

So, for 
we have 



l-a 



/3 2 logy ~ /3 1 log ?/o- 



By [10j Theorem 3] and (114p above, we have 



Proposition 2.2 Throughout the range §B$, for any 1 < d < x, we have 
where a is the solution to 177]) . In fact, 



provided that 

log d 



(]a{x.y) ' 



log u log y + V u l°g u l°g 2/ 



oo . 



Proof. By ([5]), for <i = y r with 0<r<u/2, we have 



The logarithm of the main term on the right side is 

-(1 - a)r logy + \og(p(u - r)/p(u)). 
Using the fact that u = (log x)/ (logy), this can be rewritten as 

p'(v 



r(£(u) -(1- a) log y) + (- J 



dv — r£ (u) 



i-r P(v) 

The first term is 0(r/u) by (|14p . Corollary 8.3 of [18] gives that 

-f/(v)/p(v)=t(v)(l + 0(l/v)), (18) 
so that the second term equals 

~ €(u ~ t))dt + 0{r\ogu/u). 

Now, differentiating = u( + 1 we obtain 

£ + u£' = f'e* = C'K + l), 

so that 

1 1 , '(.•<> 



u — (u — 1)£ 1 it(l + 0(1/ log u)) it \ \logit 
Therefore 

f\m-^-t))dt = J\r-v)?(u-v)dv= (l + o(-^\) J 



(r-v) 

i / ; / 1 \ dv 

log uj J J (u- V) 

1 + O I ) ] (r — (r — u) log(l — r/u)) . (19) 

\oguJ J 



Combining this with the above yields that 

l0E (^Mf) " -(l + o(^))(-(-«)log(l-r/»)) 

. , . viogtt iog(u + 1; 



u logy 



2u y \u log tt r J J \ log y 

From (I19p and the first equation here we find that this is negative provided r < u/2 and 
(log tt + y/u log u/ log y)/r — ► 0, and is o(l) in the complementary range. 

If d > \/x we simply iterate the above result: The proposition follows by noting that 
a(x, y) is a decreasing function in x for fixed y, by definition. □ 

We will require the following lemma, which is in one sense stronger, and in another 
sense weaker, than Lemma l2.1i 
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Lemma 2.3 We have 

#(x,y) / ^(x,yo) 



y Vyo(logy ) 1+e/4 , 
for all y outside of the range 

y exp(-(l + e) v / logyologlogy ) < V < yoexp((l + e)i/Iog y log logy ); (20) 

and 

*(x,y) < (2/e 2 -e)^(x,y ) 
V ~ Vo 

for all y outside of the range 



yo 



exp(-(c 3 + e)v / iogyo) < y < y exp((c 3 + e)y/\ogy ). (21) 



Proof. Let x = y^ . Define g(u) = g x (u) = logp(u) — n _1 logx. By ([5]) we have 
log(^ (x , y) / xy) = g{u) +0(l/u), provided logy X logL. Select u\ to maximize g(u). 
Therefore g(u\) > g(uo) by definition of u\\ and g(uo) > g(ui)+0(l/uo) by the definition 
of uo and the above estimate; therefore g(uo) = g{u\) + 0(1/uq). 

By (fl8j) . we have g'(v) = p'(v)/p(v) + v~ 2 logx = —£(v) + v~ 2 \ogx + 0(\ogv / v)\ so that, 
for t = 0(m/log u±), 

g'( Ul +t) = g'{ Ul +t)- g'{ui) 

= - t(ui +t) + ( - 1 ^ - -V) bgx + o ( loR " 1 



O (t±^l\ _ 2tnr 3 logx(l + 0(t/«i)) 
-2^ + 0^ + 1 ° gUl 



since = g' (u\ ) = — £ (u\ ) + u\ 2 log x + O (log u\ju\). Therefore 

- + T) = - [ T g'( Ul + t)dt = — (C(m) + 0(1)) + O fl^A (22) 

for T = 0(u\/\ogu\). We deduce that no = u\ + O(l), as well as both 

g(u) < g(u ) - (1 + e/3) logn for |u - uo| > (1 + e/2)\/wo , 

and 

y(u) < y(u ) - log(e 2 /2 + e) for |u - u | > (c 3 + e)vS)/log u , 
which are the desired results. □ 

Next we obtain a more accurate estimate for yo than ([9]): 
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Lemma 2.4 We have 

2 N 



log 3 x - log 2 / / log 3 x 



logyo = logL(x) 1 + + O and 

\ 21og 2 x \ V lo g2^/ 

uo£(«o) 1 + (1_ 



log 2/0 W 

Proof. In the notation of the Lemma 12.31 we see by (|22p that \g(u\ + T)| = o(l/ni) as 
T — > oo, so that no = ui + 0(1). We saw that nf£(ni)(l + 0(l/ui)) = logx, so the same 
equation is satisfied by no (in place of m), and the estimate for log 2/0 = (l/^o) logic 
follows from (fT3l) . Moreover no£(no) = logyo(l + O(l/uo)) □ 



Corollary 2.5 If d = p\p2 ■ ■ -Pk> where each pj is a prime in (y, My] we have 

tp(x/(pi ■ ■ -p k ) , yo ) (log2/o) fe 
^(x,yo) Pi'-Pk 

uniformly in k > 1 and logM = o((log xj log log x) 1 / 4 ), as x — > oo. ^4Zso 



(23) 



i/>(x/(p 1 ---p k ), 2/o) < 2 fc (log?/o) fc , 24 , 

i>(x,yo) ~ Pi'-Pk 

uniformly for k > 1 and logM = o(logx/loglogx) 1//2 , as x — > oo. 
Proof. We use (|17p at most 2/c times to obtain 

ip(x/(pi--p k ), 2/0) _ 1 ^i + o^ fe 1 fcl °gyoM . (pi • • •Pfc) 1 "' 3 



iP(x,yo) (pi---Pk) a { \u 2/o yj pi---Pk 

where a(x,2/ ) > /? > a(sc/(pi • • -Pk),yo)- If «' = log(a;/(pi • • -Pfc)/log(z/o) then v! = 
u + 0{k) and so 2/o _/3 = n o£( u o){l + 0(&/^o)} = l°g£/o{l + O(k/uo)}, by (fl~5j) and then 
Lemma 12.41 Hence we obtain (|23|) as A: 2 = o(uq) and, in our range, 

M fc(i-«) = exp(0(A;logM(loglog2/o)/(logyo))) = l + o(l). 

To obtain (|24p we can use the same estimates but now we simply need k/uo — ► so that 
yl~ P < (4/3) log 2/o, and log M/n so that M 1-/3 < (4/3). □ 

2.3 Straightforward analytic estimates 

We complete this section by collecting together various straightforward analytic estimates 
that will be needed later. 

Fix < a < b. By the prime number theorem, we have 

ay<q<by 
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where the sum is over primes q, and also that 

ay<q<by 



E ^< 21og m, (26) 



for all 1 < a < 6/2, once y is sufficiently large. To see this note that, since 
X/g<Q(^°S ( J r )/ ( ? = l°gQ + C + o(l), for some constant C, the sum is 



- Yl ~T = lo & ( \ ) + <V-oo(l;, 



and the result follows. 



Lemma 2.6 Lei 

~2 ) ~z 

The function g(l, C) is decreasing for C > 0, with 



g(P, C) := /T 2 / log ( — ^- ) 72 + 1 " lo s( C )- ( 27 ) 



lim g(l,C) = 7 + log(4/7r) . 

C/ — ►oo 

Proof. Since 

dg(l,C) _ log(^(e c + e- c )) 1 
dC C 2 C ' 

for all C > 0, we minimize by letting C — > 00. Integrating by parts, we have that 

lim g(l,C) = / 2 / . 

C-+oo yv ' ; 7 e 2 + e~ 2 z J 1 e z + e~ z z 

Now 6.1.50 of [T] states that 

e -t _ e -st\ dt 



logr(s) = ^°° ((s-l)e-* 



1 - e-* / * ' 
and the third line of 6.3.22 of [1] readily implies that 

r 1 . ts dt f°° f dt , , 

-t'V 1 -' r) T-/ e ~V < 28 » 

Since T(l/2) = 7T 1 / 2 , and taking s = 1/2 and i = 4z, our result follows. □ 

3 The lower bound for T in Theorem II. 2L and Theorem 11.31 

3.1 Proof strategy 

To establish that 

Prob(T > (^/4)(e~ 7 - e)J (xj) = 1 - o(l), 



we show that the expected number of non-trivial subsets S of {1, J} for which flies a * 
is a square is o(l), for J(x) = (7r/4)(e~ 7 — o(1))Jq(x). 
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3.2 Structure of a square product 

We begin with the following proposition. 

Proposition 3.1 Select integers a\,...,aj at random from [l,x]. The probability that 
there exists a subsequence I of the ai with 

2 < 1/1 < — — for which TT a is a square 

2 log log x ± - L T 

is 0(J 2 log x/x) provided J < x°^ . 

Proof. Suppose that b±, . . . ,bk were chosen at random from [1, x]. The probability that 
6162 ... bk is a square equals 

x-*|{6i,...A < x : 6162... 6* G Z 2 }|. 

Now write each bi uniquely as 

hi = Ciuf, where q is squarefree. 

Assuming that b\ - ■ ■ bk is a square, which implies c\ ■ ■ ■ c/~ is a square, define the 
doubly indexed sequence Cjj, where i,j = l,...,k and i 7^ j, to be any satisfying the 
relations 

Cjj = Cj t i, with Q = JJc»,j for each i. (29) 

The fact that such Cjj exist can be seen as follows: For each prime p dividing c±- ■ ■ Ck, 
we will need to decide which Cjj that p divides; and, to do this, suppose that p divides 
Cjj , Cj 2( (the reason it is 2i is that all the Cj are square- free and have product a square). 
Then, the following ctj are to be divisible by p, and no others: 



Each is then the product of the primes dividing c\ ■ ■ ■ c/. which divide it; and if this 
process leaves some Cjj not divisible by any prime p\c± ■ ■ ■ Ck, then we set Cij = 1. 

Given c±, c&, the number of sequences b±, bk satisfying bi = Ciuf is the number 
of possibilities for the numbers Uj, which is < (x/q) 1 / 2 ; and so, the probability that 
b± ■ ■ ■ bk is a square is 



\ 1/2 



for l<i<j<fc 



* ^ E (E^^d+K*.)^ (30) 

l<i<j<k 1)3 J 
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since each Cj j appears twice in the above product. Therefore the probability that there 
exists I C {1, 2, . . . , J} for which Yiiei a i ^ ^ 2 with |/| = k is 

^J_ (1+logx) ^<fAl±i^ lx ' /2 

; / x k l l V x 



< 

which gives 0(J 2 logx/x) for k = 2, and is < 1/x for 3 < A; < logx/21oglogx. □ 

3.3 The main argument 

In this subsection, we prove that 

Prob(V > (^/4)(e~ 7 - e)J (z)) = 1 - o(l). 

As a consequence of the upper bound proved in [5], we may assume that T < 
(3/4) Jo (a;) holds with probability 1 — o(l). Furthermore, following Proposition 13.11 we 
need only focus on subsequences / of a%, aj (where J = T < Jq(x)) of length exceeding 
logx/21oglogx, that have product equal to a square. 

Throughout we shall write ai = bid% where P{bi) < y and where either d% = 1 or 
p(di) > y , for 1 < i < k. Recall here that p(n) denotes the smallest and P(n) the 
largest prime divisor of n. If a%, . . . , are chosen at random from [1, x] then 



Prob(ai . . . a k G 1?) < Prob((ii . . . d k € 

k 



e n 



^{x/di,y) 



< 



d lt ...,d k >i i=i 

d 1 ...dj,gz2 
1^=1 or p(d i )>y 

{1 + o(1)} ^— J E -^5". (31) 

n=l or p(n)>y 



by Proposition 12.21 where Tfc(m) denotes the number of different ways of writing m as 
the product of k positive integers. 

Out of J = 7] Jo integers, the number of fc-tuples is ({) < (eJ/k) k ; and so the expected 
number of fc-tuples whose product is a square is 

H (e+0(1)) "i^*fe^J Sv + ~i B ~ + ~» E ~ +■■■;■ (32) 



We now consider k in two different ranges, and in both ranges we will select different 
values for y, so as to give good upper bounds for ([32]) : 



• First, if 



logx <k< v y\ 



2 log log x 
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i In 

then let y = y so that k = 0(2/0)- Therefore the Euler product in ([32]) is 



v _ ; 1 1 =e #). 



vp>y 

Now = x/y^~ /+0 ^ by ([8]) and therefore the quantity in ([32]) is 

/ 1 , 3+o(l) \ k 

which is < 1/x 2 in this first range for k. 
• Next, we consider the range 

yo /4 < k = y% < J < J . 

In this case we will choose y so that [k/C] = vr(y), and then will optimize the C later. 
For this choice of y a simple calculation reveals that 

1 , n(p 2 ) r fc (p 4 ) (fc/j/*) 2 

p 2ct p 4 " ~ 2! 4! 



In order to evaluate ([32]) we need to product this over primes p > y. The logarithm of 
this product equals 

^ / e k/v a +e -k/p a \ roc i ( k/t a , e -k/t a \ 

E M ) ~ ( yfM V )*■ 



p>y 

p prime 



by the prime number theorem. Letting z = k/t a , from (|16|) this last integral is 

log ^ cte. 



/o zlog(fc/z) 
Now, k l / a ~ /5~ 2 log y by ([16]) so that 

{k/z) 1 ^ 



(k/z)f3~ 



log(k/z 

as z = o(l). It follows that the quantity in f)32|) is bounded from above by 



(l + ctDK^J^f ) , (34) 



where C) is defined in ([27]) . 
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Now, for any fixed C we have, as a consequence of Lemma 12. 11 that (|34p is o(l/x 2 ) 
unless (3=1 + o(l); and so, we really only need to consider k = i/q +0 , as the total 
expected number of fc-tuples for other values of k add only o(l/x 2+ °W). If C = C(e) 
is sufficiently large then e 9<yl,c ^ < 4e 7/ 7r + e by Lemma 12.61 and, since yo maximizes 
^f(x,y)/y for y = yo, we deduce that (|3"2"j) is at most 

< ((l + e)Ar i e r /ir) k . 

Therefore, if rj < (1 — e)e~ 7 7r/4, then this is less than 1/x 2 . □ 

3.4 Proof of Theorem II. 3|, part (a) 

This last proof yields further useful information: If either J < (7r/4)(e~ 7 — e)Jo(x), or if 
k < i/q or k > yl + °^ , then the expected number of square products with k > 1 is 
0(Jo(x) 2 logx/rr), whereas the expected number of squares in our sequence is ~ J j\fx. 
This justifies Theorem 11.3( a). 

3.5 Proof of Theorem II. 3|, part (b) 

The proof in Section 3.3 yielded that if we have a square product then, with probability 
1 + o(l), we have | J| = k = y]^ ^. We now assume that k = £/o + °^ with 

k [yo exp(-(c 3 + e) y / logy ), y exp((c 3 + e)y1og yo)]. (35) 

^From the discussion following (|34p above, we know, by taking C large, that the number 
of such /c-tuples is at most 

\ K 'y(x,y )/yoJ 
By Lemma l2.3| this is at most 

((4e 7 /7r + e)(2/e 2 + (l))7 ? ) fe < l/2 fc , 

for sufficiently small e > 0, using the fact that r/ < 3/4. Therefore the expected number 
of k- tuples with product a square is o(l) for all k satisfying (|35|) . so that Theorem ll.3( b) 
follows. □ 

3.6 Proof of Theorem II. 3|, part (c) 

In the previous subsection we proved that 

\I\ < yi ■■= yoexp((l + e)y/\og y log log y ), 

with probability 1 — o(l). In this section we prove, among other results, part (c) of 
Theorem 11.31 
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Proposition 3.2 Write each en = bidi where P{bi) < y = y\ < p(di), and suppose that 
djj . . . dh is a subproduct which equals a square n 2 , but such that no subproduct of this 
is a square. Then, with probability 1 — o(l), we have I = o(logyo) an d n is a squarefree 
integer composed of precisely I — 1 prime factors, each < y 2 , where n < y 21 . 

Proof. For ease of notation we will relabel, replacing di ± . . . di t by d\ . . .d\. Note that 
with the choice of y = y\, we have y/llogy — > oo and y = yQ + °^\ so we know that 
y a ~ y/logy by ([IB]). 

We now show that n has at least I — 1 (not necessarily distinct) prime factors, so 
that n 2 = d\ . . .di > y 2<yl ~ l ^\ Create a graph G on the I vertices v\, . . . ,v\ where, for each 
prime p q which (exactly) divides n, draw a total of q edges, placing an edge between 
pairs of vertices Vj for which p divides dj. Now G is connected, since our square product 
is minimal, and so must have > I — 1 edges. 

We now modify the argument from the start of section 3.3 (with k replaced by I) 
to restrict our attention to cases in which d\...di > y 2l <p(x) 2 , where 4>(x) = y°^\ To 
obtain an upper bound we may multiply through the summand, in ([3~T|) . by (n / 'y 4>(x)) 2e , 
where we have chosen 8 > so that y 2e = (2y log I) /(I (logy) 2 ). Then we must multiply 
the right side of (I32h through by l/(y 2S ) l 4>(x) 28 and change the terms in the Euler product 
to (1 + n(p 2 )/p 2 ^-^ + r z (p 4 )/p 4 ( a - e ) + ...). 

First we bound the Euler product using the prime number theorem: Recall that the 
function Ti(n) counts the number of sequences of positive integers di,...,d{. such that 
d\ - ■ ■ dg = n. In the case n = p 2k , this amounts to computing the number of ordered 
partitions of 2k into £ parts that are > 0; so, 

. 2fcN (2k + l-l\ ^ \ £(£ + l)/2, if k = l; 



2k ) - 1 iffc>2. 



For p = yl + °^ = L(x) 1+ °^ , using (fTFj) with ft = 1, we have that 



1 log 2 p 



making the summation of terms involving p in the Euler product become: 

{1+o(1)} *±i).!2i!iv». 

2 p z 

Via the prime number theorem the logarithm of the Euler product is therefore 

1(1 + 1) ^ lQ g 2 P ^+1) f yi log* , 

2 ^ p 2 - 29 ~ 2 J v t 2 - 29 

y<p<y 4 

(Here the primes p, with y < p < y i+0<yl \ being the only relevant ones follows from 
comments made above the statement of Theorem 11.31 ) Now 9 < 1/2 by definition, so 
the above calculation becomes 

£(£ + !) logy 1(1 + 1) log 2 y 



[l-26)y l - 2e 2 y l - 2d (l- 20) logy' 
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Now y = £log y/21og£, so the above is 



log log 2 y/2 log i) V V lo S ' 

So putting ([32D to use as explained above, the expected number of such /-tuples is 

</>(>) V V logyo ^{x,y )/y J 

1 ^ + x t^w* V e (1+Q(1)K (37) 



0(x) 2e V (21og^)(logy ) ^(x,y )/y 

^ WF^y^f 11 ' (38) 

as 77 < 1, and by Lemma [2731 for y = y\. 

Now we are ready to establish the conclusions of the proposition. Take (f>(x) = 1/y 
in the above, and as 29 < 1 by definition, (|38p becomes <C y/(log y) ei / 5 . This is o(l) 
provided £ > 6 log yj (e log log y) , hence we expect o(l) products with I 3> logyo> yielding 
/ = o(logyo) with probability 1 — o(l). In this case 29 ~ 1. 

Regarding the structure of the factorization of n: Taking <p(x) = 1, we expect o(l) 
products with d\ . . .di > y 21 ; hence d± . . .d\ = n 2 < y 21 with probability 1 — o(l). Since 
each prime divisor is > y, evidently n has < I prime factors, and so exactly I — 1. Also, 
if p is the largest then y l ~ 2 p < y l , that is p < y 2 . 

Finally, we are left with showing that n is squarefree. To obtain an upper bound on 
the expected number of square products n 2 for which n is divisible by the square of a 
prime > y, we proceed much as above with 4>(x) = 1/y, but now the Euler product has 
an additional factor 



V 



nip 4 ) , tK/) , \ l 4 _ (logy) 7 



+ ^-^ + ... < 7^ < 



f^ y \p 4a p 6a "J (y/logy) 3 y 3 
From (|38|) we thus deduce that we expect o(l) such square products. 

□ 



4 Hypergraphs 

The main result of this section is to prove the upper bound in Theorem II .21 A roadmap 
for the proof is as follows. 

Recall that the numbers a±,a2, ■ ■ ., chosen uniformly at random from {1,2, . . . ,x}, 
are encoded as row vectors over Ti . Subsets whose product is a square are determined by 
combinatorial relations among these row vectors. Schroeppel's method and its variants 
ignore columns corresponding to primes less than y§. This makes the relations easier to 
satisfy but we pay for it by requiring 7r(yo) many relations. To make the search more 
tractable, we restrict our attention to the more obvious ways of finding linear relations. 
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Schroeppel's original method considers only the most obvious: after removing columns 
less than yo we must be left with all zeros. The one large prime variation considers also 
the next most obvious: when we have two identical rows containing a single 1. 

The upper bound in Theorem 11,21 is proved via the k large primes variation. We 
consider only rows in which at most k ones remain. Tractability of the analysis rests on 
the fact that the combinatorial structure converges as x — > oo to a random object built 
from a Poisson point process. In order for the convergence to be uniform, in addition to 
restricting k, we must restrict the columns: specifically, fixing M > 0, we must not use 
any a, with a prime factor greater than My§. We must also restrict the combinatorial 
complexity of the search for linear relations as follows: calling two rows "neighbors" if 
they share a nonzero column (whose index is now forced to be between y$ and Myo), 
any linear relation must take place within a ball of some fixed radius m in the neighbor 
graph on rows. We may then prove that the combinatorial structure converges in an 
appropriate sense to a tree-like random hypergraph defined on a Poisson point process. 
The number of samples needed to accumulate vr(yo) linear relations in the limiting model 
is computable explicitly in terms of some functions 7 m Mfc- For fixed m,M, k, these are 
ugly, but as m, M, k — ► oo, this number decreases to e~ 7 Jo- 

An outline of this section is as follows. Section 14.11 defines some functions that 
include the family {j m ,M,k}- A result (Theorem 14. ip is then formulated in terms of these 
functions which implies the upper bound in Theorem 11.21 The subsection ends with the 
definition of some combinatorial structures such as tree-like hypergraphs that will be 
used in the search for linear relations. Section T4.2I formally defines the probability model 
and the random objects (hypergraphs with distinguished vertices) that will witness linear 
relations. The number of rows neighboring any given row is shown to have finite first 
and second moments (Proposition 14. 3P . which is then parlayed into an upper bound on 
the mean of size of the m-ball in the neighbor graph on rows. Section T4.3I constructs the 
limit object, an informal description of which appears at the beginning of that subsection. 
Section 14.41 proves convergence of the random hypergraphs in Section 14.21 to the limit 
object of Section 14.31 Although it takes several pages, it consists merely of repeated 
applications of Proposition 14.31 Section [4"31 evaluates the probability fl^f'fcO 3 )' wn i cn is 
the probability in the limit model that if a row containing a single 1 in column pyo arises 
at time 77 Jo, it will form a new linear relation. The key result here (Lemma 14. 18p is that 
this is 1 when m,M,k are sufficiently large and 77 > e -7 . Finally, Section 14.61 finishes 
the proof of the main theorems. 

4.1 Preliminary results 

To begin in earnest, we define the following functions, which will arise in the branching 
processes with finite values of m, k and M. 



exp fe (z) 





l/M 
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Clearly, as k, M — ► oo, we have the limits 

ex PfcW T exp(z); 

f 1 1 - e~ zt 

A M (z) T A(z) := / dt. 

Jo * 

Recursively, define functions ^ m ,M,k for m = 0,1,2, ... by 

70,M,fc(w) := u; 
7m+i,A/,fc(n) := u exp fc [A M (7m,M,fc(^))] • (39) 

Note that 7m,M,fc(^) is increasing in all four arguments. From this it follows that 
1m.M,k(u) increases to jM,k(u) as m — > oo, a fixed point of the map z t— > uexp fe (-AM(z))j 
so that 

lM,k( u ) '■= u ex Pfc [^Af(7Af,fc(«))] • (40) 

We now establish that 7&f fc(tt) < oo except perhaps when M = /c = oo: we have 
< Am{z) < logM for all z, so that n < 7M,fc( u ) < Mu for all u; in particular 
lM,k( u ) < oo if M < oo. Also, A(z) = \ogz + 0(1) which, along with (f39]) . implies that 
7oo,fc(^) ~ n(log u) k ~ l /(k — 1)!; in particular 7 00 ,fc('u) < oo. As M, k — > oo, the fixed 
point jM,k( u ) increases to the fixed point ~f(u) of the map z i— > ne A ^^, or to cxd if there 
is no such fixed point, in which case we write 7 (it) = 00. In Lemma 14.181 we show that 
this map has a fixed point if and only if u < e~ 7 . Otherwise 7(1*) = 00 for u > e~" ( so 
that 

r^du = oc>l (41) 
Jo « 

for any 77 > e _7 . 

Our main result in this section is the following: 
Theorem 4.1 If rj,m,M,k are such that 

f«Mdoi, 

Jo u 

then with probability approaching 1, as x — > oo, among t]Jq uniform random samples 
from {1, . . . , x}, the y -smooth numbers up to My with at most k large primes will contain 
a square subproduct. Furthermore, this will be witnessed in diameter at most m, in a 
sense to be made precise in Definitions \4-7\ and \4.9\ below. 

Together with (|4ip . this establishes the upper bound in Theorem 11.21 Our conjecture 
that the upper bound is sharp is supported by the fact that limj^, J* du = 1. 

Hypergraphs 

A hypergraph on a vertex set V is simply a collection H of finite subsets of V of 
cardinality at least 2. Each S G Ti is called a hyperedge of TC; the cardinality of a 
hyperedge S is its cardinality as a set. Define the support of a hypergraph Tt, denoted 
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by supp (Ti) := UseH ^ *° ^ e umon °f au °f its hyperedges. By a hypergraph W with 
vertex set V, we mean that supp (Ti) C V (note: in the literature, often this language 
would imply supp (Ti) = V). We will typically use script letters for hypergraphs: G,Ti, 
and so forth. A rooted hypergraph is simply a hypergraph together with a choice of a 
distinguished element in its support. Thus, the hypergraphs on V rooted at p are in one 
to one correspondence with hypergraphs on V containing p in their support. 

Definition 4.2 (tree-like hypergraphs) A finite hypergraph Q rooted at p is tree- 
like z/supp(<?) may be given the structure of a tree T, rooted at p, in such a way that 
the following decomposition holds. Let I denote the set of vertices that are not leaves of 
T . We require that for each q £ /, the set of children of q may be partitioned into sets 
V q! i, . . . , V q ^q) so that each hyperedge of Q is equal to V q j U {q} for a unique pair (q,j) 
with q £ I and j < n(q). 

A moment's thought shows that if Q is a tree-like hypergraph rooted at p then the tree 
structure on supp (G) satisfying the definition is unique (when p is specified as the root). 
Denote this tree by T p (Q). 

Sometimes it will be desirable to allow singleton hyperedges (hyperedges consisting 
of a single vertex, p). Rather than change the definitions, we introduce the notion of a 
marked hypergraph. This is just a pair (Q,U), where Q is a finite hypergraph and U 
is any subset of supp (Q). We think of U as telling us (by marking) which singleton edges 
{p} have been added to Q. Hypergraphs Q and Q' are defined to be isomorphic if there 
is a bijection <f> : supp(^) — ► supp (<?') inducing a bijection at the level of hyperedges. 
Marked hypergraphs (Q, U) and (G', U') are isomorphic if <f> can be chosen so that also 



In what follows, we will require a notion of weak convergence of probability measures 
on hypergraphs and marked hypergraphs, which in turn requires a metric on the space of 
marked hypergraphs on the vertex set R rooted at p (and we will re-normalize, replacing 
prime p by the real number p = p p := p/y, which will thus lie in the fixed interval (1, M]). 
It will turn out that all but a vanishing fraction of our hypergraphs are treedike, so we 
need only to define the metric on treedike hypergraphs (e.g., by convention we take the 
distance between hypergraphs to be +cc if either one is not treedike). If Q and H are 
two treedike hypergraphs, define the distance to be +00 if the two hypergraphs are not 
isomorphic, and otherwise define the distance to be the least e > such that there is 
a bijection <p : supp(<?) — > supp (7i) inducing an isomorphism on the hypergraphs, and 
satisfying \4>{p) — p\ < e for all p € supp(<7). (Here we are dealing with re- normalized 
values of p, that is p p = p/y, which are bounded.) In other words, the topology is discrete 
on the graph structure along with the product topology on the names of the vertices. 
Formally, 



d{G,Ti) := min < max \<fi(p) — p\ '■ is an isomorphism from supp (Q) to supp (Ti.) 



Define the distance between marked hypergraphs similarly, with <f> now restricted to 
isomorphisms of the marked hypergraphs. Let p and p! be two probability measures 
on the space of hypergraphs on the vertex set R. Say that a random pair (G,G') of 



<P(U) = U'. 
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hypergraphs is a coupling of \i and // when Q has law /i and Q' has law //. Define 
the distance d(fi, //) between the probability measures fi and // to be the infimum of 
values e > such that there is a coupling (Q,Q') of fi and // for which the probability 
of d(Q,Q') > e is at most e. This is a standard metrization of the weak topology, that 
is, d(fi n ,fi) — > if and only if J f dfi n — > f f dfi for all bounded and weakly continuous 
functions /. 

4.2 The random hypergraph Q of (My)-smooth numbers 

Before we get started, here are a few words on notation. As before, we are selecting 
random positive integers < x, with y(x) and Jq(x) as in Section 1. Also, as before, we 
will choose an integer J := [^oj for some ij > 0. We will choose a real M > 1 and keep 
track of large prime factors in the interval (y,My). By the term large prime, we will 
mean a prime in the interval (y, My). We will also choose an integer k > 1 and keep track 
only of numbers with at most k large prime factors (factors in the interval (y, My)); we 
may even choose k = oo in the range implied by the limitations given to the uniformity 
of (|23p . We will also specify an integer m > 1 which is interpreted as the maximum 
chain length our algorithm will exploit when counting pseudosmooths, where a chain is 
a sequence a\,a2, . . . ,a r , r < m, such that each consecutive pair aj,aj + i share a large 
prime factor pi £ (y,My). The first mission of this subsection is to define a random 
hypergraph which will depend on M, J, x, m, k and a large prime p € (y, My). The full 
notation for this will be G^kp- However, in most of the results and constructions that 
follow, k, M and J are fixed and x is a size parameter fixed during each construction, 
while m and p are dynamic (the constructions are recursive in m and p and the proofs 
inductive). Because of this, we often reduce clutter in the notation by writing simply 
Qm,p with the other four parameters understood. In many of our lemmas, arises the 
phrase, "/ = o(l) as x — ► oo, uniformly as M and r\ vary over bounded intervals and 
y < p < My." To be precise about this once and for all, it means that there is a function 
g, going to zero as x goes to infinity, such that f(M, J, x,m, k,p) < g(Mo,r],x,m,k) 
for all M < Mo, J < t/Jq and y < p < My as x — > oo. This holds for any fixed 
m, k, Mq,t]. Several times in Section T4.4I below we prove weak convergence results. Note: 
such convergence results needing to be uniform, in the manner just described, was the 
reason for metrizing the weak topology. 

Now we move on to the constructions. Fix an integer x > and let (p, x ,J- x ,W x ) be 
a probability space on which is defined a sequence {X\, X2, . . .} of IID random variables 
whose common distribution is uniform on the set {1,2, ... ,x}. Let y = yo(x) and 
Jo(x) = xir(y)/ip(x,y) be as in Section 1. For each real M > 1 and each integer J > 0, 

we will define a random hypergraph on the space (£l x , T x , P x ), which we will denote by 

gM,J,x 

Given a real number M > 1, we keep track of prime factors up to My as follows. For 
any integer X that is (My)-smooth, define the class [X] to be the set of primes p for 
which y < p < My and X is divisible by p to an odd power, that is p £ [X] if and only if 
y < p < My and p l \ X but p l+1 / X for some odd integer i. If A is y-smooth, we define 
[A] to be the empty set. If A is not (My) smooth, we pick a symbol (for probabilists, 
the traditional symbol is A) and set [A] = A. 
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Now we define a random hypergraph with vertices in M + by 

Q : = Q"U* : {[X,] : [X,] + A and #[Xj] > 2} ; j , . 

We remark that for a fixed x, the random hypergraphs g M > J > x are defined simultaneously 
for all M and J. In case it seems strange to take V = M + instead of Z + , it is because 
we will be taking scaling limits. Some easy but useful estimates are as follows. 

Proposition 4.3 Fix M > 1 and rj > 0. Let J = [t]Jq\ and let [Xi], [X2],... and Q 
denote the random variables on T x , F x ) constructed above. For any finite set S of 
primes, let 

N(S) = {j:j<J;[X J ]=S}. 

1. For any finite set S of primes in (y,My) with \S\ > 2, the number N(S) has 
asymptotic mean 

E.N{S)~ V y tovr-\ (42) 
UpesP 

An upper bound, with an extra factor, is valid for all S: 

V X N(S) < 2l s l +1 n y(1 ° gy) ' 5hl . (43) 
LlpeSP 

2. For any set W of hyperedges S, let N(W) := YlseW N(S) denote the total number 
ofhyperedges in W. Then, for any W, ¥ X (N(W) > 2) < (E X N(W)) 2 . 

3. For any p E (y, My), the probability that there will be a prime q 7^ p such that more 
than one hyperedge of g contains both p and q goes to zero uniformly in M < Mq, 
77 < rjo and y < p,q < My. 

Proof. The means are computed by counting the number of a < x with [a] = S. The 
number of integers of the form sllpes^ U P to x where s is y-smooth is ip(x/Y\ p€S p,y). 
The number of integers of this form that are divisible by q 2 for some q £ S is bounded 

above by I ~^f? >V )• This is easily shown to be asymptotically negligible 

£s \«npesP J 

fx \ 

compared to B$ ■= ip ^ ,y by (fTTj) . using the fact that a remains bounded 

\UpesP J 

away from zero, hence the number of a < x with [a] = S is asymptotically equal to Bs- 
By (|23|) . and using ir(y) ~ y/logy, we then have 

E X N(S) ~ ^ l/n ^ M) 



V 



x 



which is (j32J). Using (p4^) instead of ([23]) . and Tt(y) < 2y/logy instead of 7r(y) ~ y/logy, 
gives (USD. 
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The second statement follows because iV(W) has a binomial distribution. For the 
third statement, let H{p) denote the event that there is some q for which more than one 
hyperedge arises containing p and q. Fix any primes p\ ^ P2- Let Wfc denote the set of 
sets S = {pi,P2, ■ ■ ■ ,Pk} of distinct primes between y and My and let W = Ufc^Wfc. By 
the second statement of this proposition, an upper bound for H{pi) may be obtained by 
summing any upper bound for (E a .iV(VV)) 2 as P2 ranges over primes between y and My. 
We compute this by bounding Ej.A^CWfc), then summing over k, squaring, and summing 
over p2- Thus we begin by using ([13]) with S = {pi,P2, ■ ■ ■ ,Pk} to obtain 



EN(S)<2 k+1 f ] y(logy) k - 1 H- 



pes p 

Summing this over all choices of P3, . . . , p^ and using (|26|) for the last inequality then 
gives 

EN(m) < 2k+l7]ylogy y fr^y 

™ P3 < < Pfe M Pi 



< 



< 



2 k+1 7]y\ogy 1 ^ yr logy 
P1P2 (k-2)\ 11 p 



2 k+1 rjylogy 1 
P1P2 (k-2)\ 



[J (2 tog M). 

i=3 



We sum this over all integers k > 3 so that 



EAT(W) < 8M4 ^ lQ g^ < 8M^ Vo logy 

~ P\P2 ~ Pi 

since y/p\ < 1. Squaring, noting that l/p2 < 1/y and logy < logp2) w e obtain a 
quantity bounded above by a constant multiple of 

logy >p logy 
y ' V2 

y y<P2<My 1 A 

log y 

By (|25p this is 0( ); this completes the proof, as we only needed to show o(l). □ 

y 

We now define sub-hypergraphs Q m ,p of the random hypergraph Q, culled so as to be 
tree- like and rooted at p. They are deterministic functions of the variables X±, . . . , Xj, 
and they will bear witness to the creation of pseudo-smooth numbers. They depend 
on the parameters M, J, x and k, which are fixed throughout the construction and sup- 
pressed in the notation. We remark that the definition makes sense for k = 00. 

Definition 4.4 (The sub-hypergraph Q m , p and marked set U miP ) We define hyper- 
graphs Q m ,p{j) recursively for m > 1 and 1 < j < J as follows. 

• Let Tq(p) := {p} and Qq :P := 0, taking supp (Go,p) = {p} by convention. 
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• For each m>l, define G m , P (0) := G m -i, P - For j > I, define G m , P {j) ■= G m , p (j - 
1) U {[-Xj]} if [Xj] intersects supp (Gm,p(j — 1)) in a single element o/T m _i(p) and 
2 < \[Xj]\ < k. Otherwise, let Gm,p(j) '■= G m , P (j - 1)- Define G m , P ■= G m , P (J)- 
Define T m {p) := supp (G m , P ) \ supp (G m -l,p)- 

Let U denote the set of primes q with y < q < My such that [Xj] = q for some j < J. 
Let Um tP := U n supp (Gm, P ) ■ Then (Gm, P ,U m , P ) is a marked sub-hypergraph, which we 
will use later to witness the creation of pseudo- smooths. 

Informally, Gi tP takes all hyperedges of G that contain p except for those creating a 
collision (that is, a cycle on hyperedges), using the order in which they were generated 
to settle collisions. Then, G2, P starts over, taking all hyperedges containing each of the 
vertices added in the previous step, except for those that cause collisions. In the end, 
the list of hyperedges is swept through, in order, m times. The informal interpretation 
of T m (p) is the set of primes that first appear at distance m from p in our tree- like 
hypergraph; the informal interpretation of U m ^ p is the set of primes within distance m 
of p that appear as hyperedges of cardinality one. 

Lemma 4.5 For any n, M, x and p, 



Proof. By construction, the hypergraph Gi. P is a subset of the restriction of G to 
hyperedges containing p. Therefore, 



where the sum is over such sets S. Break down the sum by the cardinality of S. The 
sum over \S\ = k is l/(k — 1) ! times the sum over ordered sets of primes p = p\ , P2 , . . . , Pk 
in the range (y, My). The sum over ordered such sets is bounded above by the sum over 
ordered fc-tuples in which repetition is allowed. Thus 



where the summand is zero, by convention, if there is a repetition. When there is no 
repetition, we obtain an estimate from (|42p . which implies the upper bound 



E x \Gi, P \ < (2M-l)r^. 



s 





The inner sum factors as a power, yielding 
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By the prime number theorem, J2 y <q<My(^°Sy)/Q ~^ logM, and is never more than 
log(2M), whence 



y ^ (log(2M)) fc - 1 y 
^x\Gi, P \ < rj- 2^ 77— prj = ( 2M " 1 ) r ?- 



□ 



Corollary 4.6 

and 



^ x \Gi, P \ 2 < E x \g 1:P \ + (E x |g 1)P | 



E x |0 m , p | < (l + 27?M) m ^ 



Proof. For the first statement, note that for S / T, the events {S 1 G Gi, P } and {T € 
are negatively correlated. (Recall that two events are negatively correlated, if the 
probability of their conjunction is at most the product of the probabilities of the events.) 
This is because the events {[Xi] = S} and {[Xj] = T} are independent, unless i = j, in 
which case they are negatively correlated. It follows that 

^ x \Gi, P \ 2 < ^Px(5,Te6i, p ) 

S,T 

< (Exl^l) 2 +^1^1. 

For the second statment, induct on m. Conditional on G m -i,pi the random hy- 
pergraph G m , P is stochastically dominated by the union of Gm-i,p with a collection of 
hyperedges whose conditional distribution given Gm-i,p is described as follows: for each 
q € T m _i(p), and for each finite subset S of primes in (y,My) containing q, the hyper- 
edge S is added independently with probaiblity N(S). By induction, the mean number 
of such q is at most (1 + 2r]M) m ~ 1 y /p. Bounding the mean of each Poisson variable from 
above by 2r]M, we complete the induction. □ 



The number of pseudo-smooths generated by time j, by definition, is the difference 
between j and the F2-rank of the collection [Xi], . . . , [Xj], made into a ^-vector space 
by using the symmetric difference operation [Xj]©[X,]. To count this, we count the 
number of j for which [Xj] is in the ©-span of [Xi], . . . , [X,-_i], which we denote by 
([-Xi], . . . , [X,_i]). This includes the case where [Xj] = (y-smooth numbers), [Xj] = 
[Xi] for some i < j (the one large prime case), as well as more complicated cases. It 
turns out that not much is lost if we include only one more class of cases. For each prime 
p in the interval (y,My), and each positive integer j, we define an event Xm'kp wnose 
informal interpretation is that {p} is in the span of {[Xi, . . . , [Xj]} and that this fact is 
witnessed by classes [Xi] of cardinality at most k, having indices i < j. A proposition 
immediately following the definition verifies the interpretation. The parameters k,x,j 
and M will now be fixed throughout the definition and suppressed from the notation. 

Definition 4.7 (x f° r general marked rooted trees) 
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1. Let (G, U) be any marked hypergraph rooted at a vertex p. For q £ supp (G), define 
the height £(q) to be the length of the longest non-backtracking path from q to the 
leaves of G, or more accurately, of the tree T P (G). 

2. Define an event x(q) = x(G,U,q) by recursion on £(q). If £(q) = 0, define the 
event x{q) to hold if and only q £ U. If £(q) > 0, let r denote the distance from 
p to q in T p (G) and define x(l) to hold if and only if there is some hyperedge 
S £ G such that (i) S C T r+ i(p) U {q} (that is, S is a hyperedge that appears first 
at distance r + 1 from p, and is a "child" of q), and (ii) the event x(q') occurs for 
each q' £ S other than q. 

3. Finally, let x(G,U) denote the event x(G,U)(p). 

Remarks 4.8 Note that the recursion is well founded because £(q') < £(q) — 1 for all 
such q' . Also note that in the recursive part of the definition, we allow S to equal {q}, 
in which case (ii) is vacuously satisfied. 

Definition 4.9 (smooth primes witnessed in an m-neighborhood) 

If Qm,p is not tree-like, we define Xm,p not to occur. If Q m ,p is tree-like, we define 
Xm,p(o) '- = Xm,p(Gm,p-,U m ^p, q) , whence, 

Xm,p '• = X{Gm,p] Um,piP) ■ 

Let V denote the vector space over F2 whose basis is the set of symbols 

{5 P : p is a prime and y < p < My}. 

Identify each class [X] with the element J2 P ^x $p °f V. In the following proposition, 
(pfi], . . . , [Xj]) denotes the span of {[Xi], . . . , [Xj]} in V. 

Proposition 4.10 For any m > 1, the event Xm,p(q) implies {q} £ ([Xi], . . . , [Xj]). In 
particular, 

x m ,p => Mepi],-,ft]). 

Proof. By induction on £(q) > 0. If £(q) = then Xm,p{(l) implies [Xj] = {q} for some 
j < J, which immediately implies {q} G ([Xi], . . . , [Xj]). Now suppose £(q) > 1. If 
Xm,p{q) holds, let j satisfy (i) and (ii) of the definition with q = p. For each q' £ [Xj] 
distinct from q, £(q') < £(q) — 1, whence by induction, {q'} £ ([X\], . . . , [Xj]) for all 
such q' . This, along with the trivial observation that [Xj] £ ([Xi], . . . , [Xj]), implies 
{q} £ ([Xi], . . . , [Xj]), which completes the induction. □ 

It follows from this that for any m, the number of linear dependences among 
{[Xi], . . . , [Xj]} is bounded from below by 

#{j < J ■ for all p £ [Xj], the singleton {p} is in the span ([Xi], . . . , [Xj_i])} . (44) 
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4.3 Construction of the limit object 7i m 

An informal description of the limit object is as follows. The root, p, gets hyperedges 
{p,pi,..., pk} independently, with the probability of such a hyperedge arising in a small 
volume element {p} x [pi, pi + dpi] x • • • x [pk, Pk + dpk] equal to 

dpi--- dp k 
PPi ■ Pk 

Recursively, for m iterations, each vertex newly added in the last iteration gets new 
hyperedges in the same way. 

Formally, the limit object is best described in terms of Poisson processes. We briefly 
summarize definitions and properties of these, referring the reader to [7] for further 
details. Given a measure space (S,B) with a u-finite measure p, a Poisson process with 
intensity p is a collection of random variables {N(S) = N(S)(u) : S £ B} on some 
probability space (f2, T, P) satisfying the following properties: 

(1) Countable additivity in S: if A is a collection of disjoint elements of B then 

N({JseAS)=EseA N (S); 

(2) Counting measure: N(S) takes values in the nonnegative integers; 

(3) Poisson distribution: for fixed S, the random variable N(S) is distributed as a 
Poisson distribution with mean p(S); 

(4) Independence: if S, T are disjoint elements of B then N(S) and N(T) are inde- 
pendent. 

A number of constructions are available to prove the existence of such a process. 

If p is nonatomic, then with probability 1, the random counting measure N gives 
measure at most 1 to every point s € S. It follows that the random measure N(S) is the 
sum of point masses 6 S , as s ranges over some finite or countable subset of S; we denote 
this set by supp (N) and refer to supp (N) as "the points of the Poisson process" . The 
cardinality of supp (N) is a Poisson random variable with mean p(S). 

Fix a real number M > 1. Fix also a real r\ > and an integer k > 2. We construct 
a random hypergraph 7i m ,p = Um icp on a new P r °kabihty space (17, J 7 , P) whose vertex 
set is the real interval [1, M\. The collection [1, M]j of subsets of [1, M] of cardinality j 
may be identified with the sector Wj C W defined by 

Wj := {(pi, . . . , Pj ) G W : 1 < pi < ■ ■ ■ < Pj < M} . 

Let dp/(pi, . . . , pj) denote the image under this identification of the measure whose 
density with respect to Lebesgue measure is l/(pi • • ■ Pj)- Observe that the total mass of 
the measure dp/(pi ■ ■ ■ pj) is given (log M) J Now define a measure pk on the union 
|Jj =1 [l,M]j by pk = Ylj=i dp/ (pi ■ ■ ■ Pj) ■ Let p denote the increasing limit of pk as 
k — > oo. We see that p has finite total mass: 

W | = £(!2^ = M-l-logM. 
i=2 J ' 

Fix p G [1,M] and define an operation a p by cr p (S) = S U {p}. Define the measure p^ p 
by p^ p = pk o CTp 1 . In other words, p^ p is the measure corresponding to "choosing a 
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set according to p,k" and then adding the element p. (Here the quotes are to remind the 
reader that the finite measure fj,^ is not a probability measure). Thus all the measures 
as well as the increasing limit p +p are supported on finite sets of cardinality at 
least 2. 

Let r 6 [1, M] (here r plays the role of q/y, just as p plays the role of p/y). Let 
v T = VujP (as usual, we suppress quantities that are, for the moment, fixed) be the law 
of the points of a Poisson process with intensity p +p /r. Observe that each point of the 
process is a finite subset S of [1,M] with p £ S. Because the intensity measure has 
finite mass, the law of the set of points is the law of a random finite set of hyperedges 
S C [1, M]. By non-atomicity of Lebesgue measure, we see that with probability 1, this 
is a tree-like hypergraph rooted at p, all of whose hyperedges contain p. 

Definition 4.11 (The marked graph (Ti m p ,U m „)) We now construct the random 
hypergraphs 7i m , p = W^J , by recursion on m. For m = 1, choose TLx lP from the 
law u p . For m > 1, let T m ^ p = supp (H m , p ) \ supp {H m -i, P ), taking supp(7i ,p) = {p} 
by convention. For the recursion step, choose random hypergraphs ~H myT independently 
from respective laws v T , as r varies overT m ^ p , and let Ti m +i, P be the union ofTC m , P with 
all the sets TL m +iT ■ It is again immediate that each TC mtP is tree-like. Finally, we define 
a set of marks U m ^ p , by choosing each r G supp (Ti. m , P ) independently, with probability 
l-e- r il T . 

Now, using Definition 14.91 once more, define events 

x(7~Lm, P -, U m , P i t) j 

X(7~Lm, P i Urn, P ) • 

These are events on the space f2 analogous to the events Xm,p(o) an d Xm,p defined on 
the space Q x . Denote 

4.4 Convergence of Q to H, and consequently, of P x (x) to 9 

In this subsection we prove convergence results which will be used to compute the rate 
of accumulation of pseudo-smooth numbers. 

Theorem 4.12 Fix integers m, k > 1 and any real M > 1. Then 

P-(<ip) = (i + °(V)C'i /Jo (p/y) (45) 

uniformly as p varies over primes in the interval (y, My) and j/Jo remains bounded. 
More generally, for any r > 1 and any p\,...,p r , 

F * (n = + °w) fid 1 Jo ^/y) . ( 46 ) 

\i=l / i=l 

uniformly as p\, . . . ,p r vary over primes in the interval (y, My). 



Xm,p v ) 

/ 

Xrn, P ' 
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The proof of this theorem is essentially to show that the rescaled random graph 
y~ x Q m ^ p converges weakly to H m w r We encapsulate what we need in the following 
lemmas. All of these are routine Poisson convergence lemmas. In each case, the lemmas 
hold for any fixed k, and with k = oo in the range of uniformity given for (|23p . 

Lemma 4.13 As x — * oo, the distance in the weak metric between the random hyper- 
graph Q^p' x and the random hypergraph , H^ p / y J ° 9°es to zero, uniformly as M and j / Jq 
vary over bounded intervals and y < p < My. 

Proof. As a preliminary computation, let Q[ denote the subset of Q of all hyperedges 
containing {p}. We claim that P(£7i lP = G'i p ) — ¥ 1- Indeed, the complementary event 
requires that a collision occur, entailing two hyperedges both to contain {p} and {q} for 
some q. By the last part of Proposition 14.31 this probability goes to zero uniformly (and 
even for k = oo in the range allowed by using (|23p). 

Next, let H = (n, r{] x • • • x (r n ,r^] be any rectangular subset of the sector W n 
and let E x denote the set of sets, S, of n primes, each between y and My, such that 
y~ 1 S G S. As in Proposition 14.31 let N(a p (£x)) denote the number of j < J such that 
[Xj] £ cr p (H x ). Using (|4"2"j) . we estimate 

E x N(a p (E x )) = Yl E * N ( S ) 

S£ct p (S x ) 

Factoring the sum of products gives the equivalent expression 

E x N(a p (E x ))^r, y -fl ^ ^. 

p t— 1 q 

4=1 ny<q<r[y 

By the prime number theorem, this converges to u p / y (£). 

Finally, let us see that y~ 1 Qi jP converges to a Poisson process with intensity v p where 
P = p/y\ by construction, this is the distribution of Ti-i, p , and therefore this will complete 
the proof of the lemma. We need to show that for any disjoint sets H^, . . . ,5^, 
the respective numbers of hyperedges in y~ 1 Gi. P in HW converge in disribution to 
independent Poissons with means v p (Ei). It suffices to prove this for Q' l p in place of Q\ iP 
because we have seen these are equal with probability 1 — o(l). 

We have already verified that the means are i/„(HW) when E)W are rectangles, which 
implies the same result for all measurable 5. To obtain the joint Poisson distribution, 
it is easiest to Poissonize. Replace Q' l p by G'{ p , defined identically to Q' l p except with 
J replaced by a Poisson variable J' of mean J. For this random graph, the numbers 
(N^)" of hyperedges of G'{ p in the rescaled 3W are exactly independent Poissons with 
the given means. The key observation is that 

^(Q'i, P ^Gi, P ) = 0(Jo 1/2 )- 
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To see this, note that K X \J' — J\ = O{y/Jo). Therefore, 

^(G'i, P + Q'{ p ) = O (/To F X ( P e [Xi])) = O (j 1/2 E x \g' 1>p \) = O (j Q 1/2 ) , (47) 



by Corollary g21 □ 

Lemma 4.14 As x — > oo, the distance in the weak metric between the n-tuple of random 
hypergraphs 



1 



l<j<n 



and the product of the laws of the hypergraphs TL^' ,f° goes to zero, uniformly as M and 
j I Jq vary over bounded intervals and y < pi < My. 

Proof. This is the same proof with only one difference, as follows. To check that 
Qi )Pi = Q[ with probability tending to 1, one observes that (3) of Proposition 14 . 31 holds 
simultaneously for pi, ■ ■ ■ ,p n - All else is the same, once one observes that Poissonization 
gives (|4"T|) simultaneously for all pi, . . . ,p n . □ 

Lemma 4.15 As x —* oo, the distance in the weak metric between the random hyper- 
graph y~ 1 Qm,'p X and the random hypergraph H. 1 ^'^'/ 5°es to zero, uniformly as M and 
j j Jo vary over bounded intervals and y < p < My. Similarly, the distance between the 
law of the random n-tuple y~ l (Gmi ,x )i<i<n and the product of the laws ofTL^'^f° goes 
to zero with the same uniformity in M,j/Jq and {pi}. 

Proof. We induct on m. For m = 1 this was shown in Lemma [4.131 Now let m > 2 and 
assume for induction that the result holds for m — 1. If Q m .p is tree-like, let r := |Ti(p)| 
and let G\, . . . , G r denote the subtrees of T p {Gm,p) from the vertices q\, . . . ,q r of T\(p). 
Let £7(1), • • • , £7(r) denote the corresponding hypergraphs, that is, Q(i) is the hypergraph 
rooted at qi whose hyperedges are those of £7 m , p whose support is a subset of the vertices 
of Gi. We will show that the joint conditional distribution of y~ 1 (Q(l), . . . ,G(r)) given 
Gi, p converges to the product of the laws of r H m -\ i q i / y - By the recursive construction 
of Tt m ^p/y and the fact that Q m ^ v is tree-like with probability approaching 1, this will 
complete the proof of the lemma. 

Consider the hypergraph Q' m _ lq .. If this is tree-like, let Hi be the subtree obtained 
by removing the unique hyperdege containing p and qi, and restricting to the connected 
component rooted at If these are disjoint for 1 < i < r, then Q(i) = Hi for each i. 
The probability that all the hypergraphs Q' m _\ „. are tree-like is asymptotically 1. The 
probability of a collision is bounded above by 

r 

2 Yl ¥x { q 6 SUPP n SU PP @m-l,fc 

y<q<My 1 ,j=l 

The probability that q G supp {Q m ~i, qj ), conditional on |£7^_ 1)g .|, is 0{\Q' m _ x \/it{y)). 
This is true as well for qi, and the two events are independent. Therefore, the probability 
of a collision is 

2\ Q&x\Gm-l,y\) 2 
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By Corollary 14.61 we obtain the upper bound 0(1/tt(jj)). 

Next, we claim that the conditional distribution of Hi given Q[ is asymptotically 
equal to the unconditional distribution oiQ' m _ l q .. Indeed, Q' l p is measurable with respect 
to the o"-field generated by the events {S E Q : p E S}. This is independent of the events 
{S £ G : p $l S}, so conditional on G[ p , Hi has the distribution of Gm-i qi where the 
double prime means that all hyperedges containing p were excluded at every step of the 
construction. We already know that G'^-i q-i is asymptotically distributed as G' m _\ 
verifying the claim. Moreover, the same argument shows that the joint conditional law 
of Hi, . . . , H r ) given G\ p is asymptotically the product of the laws for each i < r. 

Finally, by the induction hypothesis, the unconditional distribution of Q' m . q . is asymp- 
totically that oiTL m _i qi / y . Therefore, since with probability approaching 1 all the graphs 
G' m _i qi are tree-like and there are no collisions, we have shown what we need. □ 

Lemma 4.16 As x — » oo, the distance in the weak metric between the random marked 
hypergraph y~ 1 (Gm,'p X ,U m;P ) and the random marked hypergraph {H.^ p ,y , U mjP / y ) goes 
to zero, uniformly as M and j / Jq vary over bounded intervals and y < p < My. More 
generally, the distance between an n-tuple of marked graphs 

and the product of the laws of the random marked hypergraphs {'H^' p ^fy}U rnjP ./ y ) goes to 
zero uniformly as M and j / Jq vary over bounded intervals and y < p±, . . . ,p n < My. 

Proof. Observe that the conditional probabilities of q E U mjP given Gm,p are independent 
and given by 1 — e~' ny ^ Q as q varies over supp(£? m)P ). This is true since, in the limit 
(x,y — > oo and J = rixir(y)/'ip(x,y)), the events \{j : [Xj] = {qi},j = 1, . . . , J}\ for fixed 
q±, q2, ■ ■ ■ , q r are independent Poisson random variables with mean ~ i]y/qi. And once 
it is known, in the limit, that the events {q E U m ^ p } given Gm,vi with q running over 
supp (Gm,p) are independent with probability 1 — e~ riy ^ q , then the first part of the lemma 
is proven; the second part is analogous. 

□ 

Proof of Theorem 14.121 Begin with ((431) . For any marked graph (G,U), \{G,U) 
depends only on the marked hypergraph structure of (G, U) and not the names of the 
vertices. Because the topology on graph structure is discrete, x is continuous. The weak 
topology on measure is characterized by convergence of integrals of bounded continuous 
functions, so (145p follows from the first conclusion of Lemma [4. 161 For any fixed bounded 
continuous function, such as x> the difference in the integrals is bounded as a function 
of the distance bewteen the measures, whence the uniform convergence in Lemma 14.161 
transfers to the required uniform convergence in (|45p . The proof of (|46p is identical, 
using the n-tuple convergence in Lemma f4.16l in place of convergence of the single marked 
hypergraph. □ 

4.5 Computation of 9 

We begin by computing 9 m (p). Recall the definition of the functions 7m,M,fe(^) in (f39l) . 
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Lemma 4.17 



qM,V 

m. 



1 



Proof. The quantities M, i] and k will be fixed throughout the proof, so we write 9 m 
for Of^'fc. The proof is by induction on m. By definition, 1 — 9q(p) is the probability that 

p £ Um,p, which is e~ v ^ p by construction. This establishes the result for m = 0. 

Now suppose that m > 1. The set of hyperedges S E Hi,p is, by construction, a 
Poisson process with intensity v p . The complement of Xm,p is the intersection of p ^ f7 m> p 
with the event that for all hyperedges S £ Hi p of cardinality between 2 and fe, there is 
some t £ S \ {p} that is not in tJ m , p - We have, by induction, 



/m+l 



(p) 



n i- n ■ 

seni, p \ res\{ P } 

n f»- n ■ 

seHi, p \ T&s\{ P } 




(48) 



where the first product is over hyperedges of cardinality up to k and the product over 
t£S \ {p} is taken to be 1 if S = {p}. If / : 3 — * [0, 1] is any function on a space 3 on 
which is defined a Poisson process with intensity then the expected product of / at 
points of the Poisson process is given by 



cxp 



(/(£)- i)<M0 



Applying this to (gSJ) with v = v p and f(S) = l — Y\ reS \^ m (T) gives 
log(l - 9 m+l (p)) 



.1 
P 



11 d m (r)du(S) 

reS\{p} 



Break up the integral according to \S\. Recall that for j > 2, the law of S \ {p} on 
{\S\ = j} is r]p,j-i/p. We may incorporate —rj/p as the j = 1 term if we define (jlq to be 
a point mass of 1 at the empty set and the empty product to be 1. These substitutions 
yield 

fe-i „ 

io g (i - e m+l { P )) = --J2 U M^) dp f (S) . 

Here the primes are introduced to clarify the changes of variable j' = j — 1, S' = S\ {p}. 
We now drop the primes and observe that pj is times a product measure. Therefore 

the integral of the product factors, yielding 



k-l 



log(l - m +iO)) 



.1 y^l 

P J ! 

j=o J 



exp fc 



M 



1 

Af 
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Using the induction hypothesis again we substitute 1 - e~^ M ^l T for 9 m (r) to arrive 
at 

log(l - 9 m+1 (p)) = -^ex Pfc ^j" (l - e^'W/j y^j . 
Changing variables to t = 1/r so that di/i = — dr/r, yields 



log(l-0 m+ iOo)) = --expl / - — ^— — dt 



1 \ — e -t-ym,M,k(v) 



P \Jl/M t 

TJ 

= AM^mMkiW . 

p 

The right-hand side is equal to — (l//o)7 m +i,M,£:( r ?)\ completing the induction. □ 
Lemma 4.18 Fix any 77 > 77*. Then 

uniformly over p in any bounded interval [1, L] as m, M, /c — > 00. 

Proof. The function zj exp(A(z)) is the real analytic function 

/ f z e~ u f 1 1 - e" n \ 

exp / du — / du = exp(— 7 — T(0, z)), 

\Ji u J u J 

where r(0,z) := J~e~*f . By ([28]), which evidently increases to 77* as z f 00. It follows 
that for 77 > 77*, if we choose any positive 5 < (77/77*) — 1, then 

77 z 
> 77* > 



1 + 6 '* e^( 2 ) ' 
which implies that 

V e A W > (1 + 6)z , 
for all z > 0. Applying this to PU|) with z = 7m, i0 o,oo(^) leads to 

7m+l, 00,00 

(7/) > (1 + 5) 7m 

,00,00 

fa) 

which, in turn, leads inductively to 

7m, 00, 00 

(7/) >r ) *{l + 6) m ~ 1 . 

Since 7 is increasing in all its arguments, this is true for all greater 77 as well. 
Now, given L, e > 0, choose tti sufficiently large so that 7m, 00, 00 

(77) > Llog(l/e). The 

function 7 is continuous in M and k at infinity, so we may choose M and k such that 
7m,M,fc(7?) > -Llog(l/e). It follows from Lemma f4. 171 that 

6%$(p) = 1 - e-Tm.w.fcW/p > 1 _ e -iog(iA) = 1 - e , 
for 1 < p < L, proving the lemma. □ 
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4.6 Proof of main theorems 

Proof of Theorem 11.21 Fix e > 0. The first step is to use Lemma l4.18l to pick m, M, k 
such that 

fl Af,77,+e/ » 3 „ I 2, 



»m,k ~'(fi) > 4 fOT a11 1 < P < L : = eX P 

Take M to be larger if necessary so that we may assume M > L. We deduce from the 
last displayed estimate with p = p/y and from Theorem 14.121 that, for any prime p in 
the interval (y, My) and for x sufficiently large, we have 

3 

4 ' 



M,{ V „+e)J , > 
x \ Xm,p I ^ 



Now let Y be the number of j in the interval I := [Or] + e) Jo, (rj + 2e) Jo] such that 
[Xj] = {p} for some prime p with y < p < My and Xm]jT holds. Write Y = J2jel 
where Yj is 1 if [Xj] = {p} for some prime y < p < My and zero otherwise. We compute a 
lower bound on ~E X Y as follows. The event Xm,p _1 is independent of the event [Xj] = {p}. 
By ([23]) and the definition of Jo we have tp(x/p,y)/tp(x,y) ~ (logy) /p. Hence, 

E * y = E E p (ra = M) p (^ _1 ) 

jeJ y<p<My 



> 



E E ^"ptxS- 1 ) 

je/ y<p<My 

7r(y) logy 



*£ E 



2 J'e/ y<p<My Jq P 



for x sufficiently large. By the prime number theorem, 

^ (log y)/p ~ log M > log L = 36" 1 

i/<p<Mj/ 

The outer sum has at least e Jq terms, hence 



E x Y>±(eJ )^(3e- 1 ) = ^(y). (49) 



In Lemma 14. 191 below, we will prove the second moment bound 

vr(y) 2 ' 



Coy (Yi,Yj) = o 
Using, this lemma, 



T 2 



Var(E) = ^Cov^,^) 

< E x Y + 2 Cov (Yi,Yj 



o(n(y) 



i,j£l,i<j 

2\ 



34 



Together with (09|), this implies that ¥ X (Y > ir(y)) — > 1. Recall from (@3|) that this 
implies more than 7r(y) linear dependences among the classes [Xj] with j < (77* + 2e) Jo- 
Since e > was arbitrary, this completes the proof of the theorem, modulo the lemma. 
□ 

Proof of Theorem 14.11 In the previous section, we chose M to be absurdly large, 
which allowed us to use only those j in the interval [(77* + e) Jo, (77* + 2e) Jo]. We can get 
much more reasonable values of m, M and k if we are willing to let 77 be a little bigger 
and to use all the values of j up to 77 J. The computations are in fact no harder (although 
the required convergence lemmas did involve more work in the previous sections). 
Fix 77, m, M and k satisfying the inequality in the hypothesis of the theorem. Let 

J 

Z ■= ^ Zj := # j-? - J '■ Xm'i'p 1 occurs for a11 P G [-X>] J . 

J=l 

Again, Lemma 14.191 implies Var (Z) = o{ix{y) 2 ). If we are able to show 

liminf-f-r > !> ( 50 ) 
x^oo iryy) 

then we would have ¥ X (Z > vr(y)) — ► 1, which would imply more than 7r(y) linear 
dependences, thus establishing the theorem. 

To prove (|50j) . break down EZj according to the value of [Xj] and using independence 
of Xj from Xm',k~p ■ Tnis § ives 

s 

/ M,7-l\ 

S 00 

(lQg7/)l S l ^(X,7/) -pj M,i/Jo/ / \ 

5 UptsP x pe5 

The final equality above used both equation (I23j) and the formula (146p of Theorem 14.121 
Continuing, we use the identity ip(x,y)/x = 7r(y)/J , factor out this term, and rewrite 
the summand as a product: 



J ° d „ C Q V P / 



5 pes 

Let .B be any set and {z p : p G B} be any positive real numbers with finite sum. Let B 
denote the set of finite subsets of B. Then 

yi n z p = n + z p^ ^ ex pC/Z z p) ' 

seBpss pes P eB 
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as max p g£ z p — ► 0. Using this identity, we obtain 

w 7 7r(y) / 1 \- logy mj/ Jo/ / \ 

~ ^ exp U ^ W m ' fc {p/y) 

by the prime number theorem. The asymptotic equivalence is uniform in j < t]Jq. 
Summing from j = 1 to rj Jq now gives 

^z n ( ( M i tf , 



du . 



o u 



By the hypothesized inequality, the right-hand side is greater than 1, which establishes 
(|50p and completes the proof of the theorem. □ 



Lemma 4.19 Fix a finite real M > 1 and n > and an integer m > 1. Fix 1 < A; < oo. 

Cov(Z l ,Z j ) = o(^|- 

/or all 1 < i < j < nJo. The same is true with Cov (lj, Kf) in p/ace o/ Cov (Zj, Z,). 

Proof. Both arguments are the same, so we prove this just for Cov (Zj, Zj). It suffices 
to show that 

E x (Zi ■ Zj) ~ (E X Z { ) ■ (E x Zj) , 

uniformly for 1 < i < j < J. Conditioning on [Xi] and [X,-], we see that this is the 
expectation of 

E x {Zi\[Xi],[Xj])-E x {Zj\[Xi],[Xj]). 

The sets [Xi] and [Xj] are disjoint with probability going to 1, so it suffices to show 
that E x (Zi\ [Xi], [Xj]) and E x (2'j|[Xj], [Xj]) are asymptotically independent when [Xj] 
and [Xj] are disjoint. We have seen in Lemma 14.151 that the collection of hypergraphs 
Q m ~p' x for p G [Xi] and Q m 'l~^~ ,x for V G [-^j] are disjoint and tree-like with probability 
going to 1, and asymptotically independent. The same is true of the marked hypergraphs, 
by Lemma 14.161 Since Zi is a bounded function of [Xi] and the marked hypergraphs 
(@m'k~p^' X ^m'kp 1,X ) f° r P e [-^»]' ana - likewise for [Zj], we have the desired conditional 
independence. □ 



5 Implications for Factoring Algorithms 

In factoring algorithms we need to find a linear dependence mod 2 in our matrix of 
exponents. We expect that the best algorithms known, due to Wiedemann or Lanczos 
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(see section 6.1.3 of [1]), take time 

r y 2 



log y log log y 

for a positive constant C, when we use the primes up to y in our "factor base". If we 
were to take y = yo then this number would be far larger than Jo and so would dominate 
the running time of the algorithm. Hence, to optimize, we select y = y\, which is far 
smaller, chosen to equalize the running times of the two main parts of the algorithm, so 
that 

7r(y) y 2 



V(x,y)/x logy log logy 
for an appropriate constant c > 0. One can show that one then has 



(51) 



with expected running time 



l-(l+o(l))/loglogx 
tfl — S/0 ' 



7 fl+0(l))/(l0gl0gx) 2 



(see |51). 

The proofs in the previous section work, as well for yi, as for y$. In particular we 
can determine the speed-up for various choices of the parameters (though always with 
m = oo, see [5] for more details): 



k 


M = oo 


M = 100 


M= 10 





1 


1 


1 


1 


.7499 


.7517 


.7677 


2 


.6415 


.6448 


.6745 


3 


.5962 


.6011 


.6422 


4 


.5764 


.5823 


.6324 


5 


.567 


.575 


.630 



The value of 77 such that there are ~ 7r(y) 
pseudosmooths amongst the a,j with j < rj7r(y)x/^f(x,y) . 



So what effect will this reduction in the number of a,- examined have in the actual 
running time? Suppose that we replace c in (|5ip by rjc, and determine that the new 
running time is given by (|5ip . after solving (|5ip to determine y = y v . 

Now finding this solution is tantamount to finding a solution to /i(tt^) = log(cr/ log log y) 
where h(u) := ^logrr; + log p(u). We have h'(u) = — 1 — (1 + o(l))/logu) and so 
ui — u i) = log?y(l — (1 + o(l))/ log it). Our running time therefore changes by a fac- 
tor of 

J—JL (2( Ul -u v )logx\ /21ogr/logx/ 1 + o(l) 

~ x u, i "i = exp ■ = exp ^ 1 

V U!U V ) \ uf V 1 °S' U 

= exp (log r/(log log x + log log log x — log 2 — 4 + o(l))) 

2e 4 +0 (l) 



log x log log X 
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i 2 1 2 r / \ ( i i log log logx— log 2— 4+o(l) \ 

since log z yi = log z L(x) [1 + i og io g x ) ■ 

Data on the effect of large prime variations that has been gathered from running 
factoring algorithms, seems rather different from what we have obtained here. One 
reason for this is that, in our analysis, the variations in M and k simply affect the 
number of cij being considered, whereas in reality these affect not only the number of aj 
being considered, but also several other important quantities. For instance, the amount 
of sieving that needs to be done, and also the amount of data that needs to be "swapped" 
(typically one saves the ctj with several large prime factors to the disk, or somewhere 
else suitable for a lot of data). It is an interesting problem to try to properly analyze the 
construction of programs, so as to incorporate the results that we have obtained and to 
get predictions that would help the choice of parameters in computer algorithms. 
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